{"course":{"productid":29836,"modality":1,"active":true,"language":"de","title":"Investigating Incidents with Splunk SOAR","productcode":"IISS","vendorcode":"SP","vendorname":"Splunk","fullproductcode":"SP-IISS","courseware":{"has_ekit":false,"has_printkit":true,"language":""},"url":"https:\/\/portal.flane.ch\/course\/splunk-iiss","essentials":"<p>Basic Security operations knowledge.<\/p>","audience":"<ul>\n<li>SOC analysts<\/li><li>SOAR Administrators<\/li><li>Automation Engineers<\/li><\/ul>","outline":"<h5>Topic 1 &ndash; Starting Investigations<\/h5><ul>\n<li>SOAR investigation concepts<\/li><li>ROI view<\/li><li>Using the Analyst Queue<\/li><li>Using indicators<\/li><li>Using search<\/li><\/ul><h5>Topic 2 &ndash; Working on Events<\/h5><ul>\n<li>Use the Investigation page to work on events<\/li><li>Use the heads-up display<\/li><li>Set event status and other fields<\/li><li>Use notes and comments<\/li><li>How SLA affects event workflow<\/li><li>Using artifacts and files<\/li><li>Exporting events<\/li><li>Executing actions and playbooks<\/li><li>Managing approvals<\/li><\/ul><h5>Topic 3 &ndash; Cases: Complex Events<\/h5><ul>\n<li>Use case management for complex investigations<\/li><li>Use case workflows<\/li><li>Mark evidence<\/li><li>Running reports<\/li><\/ul>","summary":"<p>This course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.<\/p>","essentials_plain":"Basic Security operations knowledge.","audience_plain":"- SOC analysts\n- SOAR Administrators\n- Automation Engineers","outline_plain":"Topic 1 \u2013 Starting Investigations\n\n\n- SOAR investigation concepts\n- ROI view\n- Using the Analyst Queue\n- Using indicators\n- Using search\nTopic 2 \u2013 Working on Events\n\n\n- Use the Investigation page to work on events\n- Use the heads-up display\n- Set event status and other fields\n- Use notes and comments\n- How SLA affects event workflow\n- Using artifacts and files\n- Exporting events\n- Executing actions and playbooks\n- Managing approvals\nTopic 3 \u2013 Cases: Complex Events\n\n\n- Use case management for complex investigations\n- Use case workflows\n- Mark evidence\n- Running reports","summary_plain":"This course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.","skill_level":"Beginner","version":"7.0","duration":{"unit":"d","value":0,"formatted":"3 Stunden"},"pricelist":{"List Price":{"US":{"country":"US","currency":"USD","taxrate":null,"price":500},"GB":{"country":"GB","currency":"GBP","taxrate":20,"price":420},"PL":{"country":"PL","currency":"USD","taxrate":23,"price":500},"DE":{"country":"DE","currency":"EUR","taxrate":19,"price":500},"NL":{"country":"NL","currency":"EUR","taxrate":21,"price":500},"CA":{"country":"CA","currency":"CAD","taxrate":null,"price":690},"CH":{"country":"CH","currency":"CHF","taxrate":8.1,"price":500}}},"lastchanged":"2026-03-18T17:25:23+01:00","parenturl":"https:\/\/portal.flane.ch\/swisscom\/json-courses","nexturl_course_schedule":"https:\/\/portal.flane.ch\/swisscom\/json-course-schedule\/29836","source_lang":"de","source":"https:\/\/portal.flane.ch\/swisscom\/json-course\/splunk-iiss"}}